VMware {code} Community
fusp
Contributor
Contributor
‎01-04-2019 01:25 AM

Filtering Based on User Privilege Level doesn't work for object navigator extension point

Hi,

I'm developing a plugin for vSphere html client(build number 6.5.0.20000).  I want to add a entry in the global object navigator, and limit the access to vCenter user who has privilege Global.Licenses(just for example here). Sample plug-in.xml below. I login with vCenter administrator which has all privileges, but when access it,  H5 client shows "You have no privileges to view this object or it does not exist.". It works if i remove the privilege metadata. This issue blocks the implementation of privilege control for the extension. Is it a H5 client defect? It would be appreciated if you can shade some light on this asap, tks.

<extension id="entryPoint">
<extendedPoint>vise.navigator.nodespecs</extendedPoint>
<object>
<title>test</title>
<parentUid>vsphere.core.navigator.solutionsCategory</parentUid>
<navigationTargetUid>home</navigationTargetUid>
<viewOpenedUponFocus className="com.vmware.ui.objectnavigator.views.CategoryNodeTreeView" />
</object>
</extension>
 
<extension id="home">
<extendedPoint>vise.global.views</extendedPoint>
<object>
<name>test</name>
<componentClass className="com.vmware.vsphere.client.htmlbridge.HtmlView">
<object>
<root>
<url>/vsphere-client/test/index.html?view=home</url>
</root>
</object>
</componentClass>
</object>
<metadata>
      <privilege>Global.Licenses</privilege>
</metadata>
</extension>
0 Kudos
9 Replies
Denis_Chorbadzh
VMware Employee
VMware Employee
‎01-04-2019 04:34 AM

Hi,

 

This is a known issue which we have already addressed in 6.7U1 release of the vSphere Client.

You can see the exact same problem being present in the "Resolved Issues" section of the vSphere Client SDK 6.7 Update 1 Release Notes (https://code.vmware.com/web/sdk/67/client - bottom of the page)

 

Best Regards,

Denis

0 Kudos
fusp
Contributor
Contributor
‎01-07-2019 12:55 AM

Thanks Denis, I test it on vCenter 6.7 U1 below:

     1) vSphere HTML Client version 6.7.0.20000,

     2)  build number : The binary i used is VMware-VCSA-all-6.7.0-10244745 .iso, but after installation, build number on HTML client shows 10244857

Unfortunately, it still doesn't work with the HTML client.  It shows the same error msg "You have no privileges to view this object or it does not exist.", could you advise what further action i can take?

0 Kudos
Denis_Chorbadzh
VMware Employee
VMware Employee
‎01-07-2019 01:53 AM

Hi,

 

Thank you for the feedback.

Please make sure you are adding the <privilege> tag only to the global view and not to the entry in the object navigator. As per the documentation "Filtering by privilege is not supported for shortcuts and Object Navigator extensions which should be always visible in the vSphere Client ".

In addition, is it possible to send us the full plugin.xml and reproduce the problem with the HTML Sample plugin (present in the vSphere Client SDK .zip) so that we can investigate further.

 

Best Regards,

Denis

0 Kudos
fusp
Contributor
Contributor
‎01-08-2019 06:52 PM

Thanks for your advise. I tried the html-sample, it works!!

After comparing with our plugin, the difference is it use <contentSpec> to load the page while i use <componentClass className="com.vmware.vsphere.client.htmlbridge.HtmlView">.

So i updated  plugin.xml (Attached) of the html-samle to use the htmlbridge instead, then when access the welcome page, the error msg shows up again. If remove the privilege, it can show the page correctly.

Pls advise whether <contentSpec> is the suggested way for html plug-in? i switch to use it instead of the htmlbridge in our plugin, it works.

plugin.xml.zip
0 Kudos
Denis_Chorbadzh
VMware Employee
VMware Employee
‎01-08-2019 10:37 PM

Yes, <contentSpec> is the recommended way for developing html plugins.

You can find examples in the vSphere Client SDK Documentation. See Developing Local Plug-ins with the vSphere Client SDK

 

Regards,

Denis

0 Kudos
fusp
Contributor
Contributor
‎01-09-2019 12:06 AM

Thanks for your quick response, Denis. Does vmware has the plan to fix this for vSphere 6.5? Though we have a Flex plug-in which can support v6.5, but we want to deprecate it  after releasing the H5 plug-in. Privilege control is a must for security, it will be a big gap if the H5 plug-in cann't support v6.5 due to the issue.

0 Kudos
Denis_Chorbadzh
VMware Employee
VMware Employee
‎01-09-2019 12:17 AM

Yes, the <privilege> filtering will be supported in vSphere 6.5 releases.

In fact, we have already ported the fix in vSphere 6.5 codebase, however, it is not present in the latest release (6.5U2d).

Expect the issue to be fixed in a next vSphere 6.5 release.

0 Kudos
fusp
Contributor
Contributor
‎01-09-2019 12:21 AM

That's really a good news, appreciate your support.

0 Kudos
Denis_Chorbadzh
VMware Employee
VMware Employee
‎01-09-2019 12:24 AM

You are welcome 🙂
0 Kudos